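User not authenticated. Please log in to view this page."; $username = 'Guest'; $user_role = 'N/A'; }

// Leave-application page controller. It handles admin approve/reject
// actions, renders a stored application, and saves newly submitted ones.
// $user_authenticated, $is_admin, $user_id, $username, $user_role and $conn
// are set before this point, outside the part of the file shown here.

// Data from form submission (used for sticky fields).
// A non-string value (e.g. application_date[]=x) is treated as absent so it
// never reaches strtotime(), bind_param() or the template as an array.
// NOTE(review): the template that re-displays these values is not visible
// here; confirm it escapes them with htmlspecialchars() on output.
$posted_date = $_POST['application_date'] ?? null;
$posted_body = $_POST['application_body'] ?? null;
$application_date = is_string($posted_date) ? $posted_date : date('Y-m-d');
$application_body = is_string($posted_body) ? $posted_body : '';

// --- Fixed Letterhead Components ---
// Hard-coded by this script, never taken from the request or the database.
$company_name = "Cyberlog Ltd.";
$company_address_short = "1/6, Block: New- C, Mirpur-1, Dhaka-1216";
$company_email = "info@cyberlog.com.bd";
$company_website = "www.cyberlog.com.bd";
$recipient_name = "Hridoy Mustofa";
$recipient_title = "Founder & CEO";
$recipient_details = "Cyberlog Ltd.
1/6, Block: New- C, Mirpur-1,
Dhaka-1216, Bangladesh";

// --- ADMIN ACTION HANDLER (Approve/Reject) ---
// NOTE(review): this state change is driven entirely by GET parameters and no
// anti-CSRF token is checked in the code visible here, so any page an admin
// visits while logged in could trigger an approve/reject request. Move the
// action to a POST form carrying a per-session token and verify it here; the
// links that call this handler live in the template, so that change has to
// be made on both sides together.
if ($user_authenticated && $is_admin && isset($_GET['action']) && isset($_GET['app_id']) && is_numeric($_GET['app_id'])) {
    $app_id = (int)$_GET['app_id'];
    $action = $_GET['action'];

    // Only the two known actions map to a status; anything else is ignored.
    // Strict comparison so a non-string parameter can never match.
    $new_status = '';
    if ($action === 'approve') {
        $new_status = 'Approved';
    } elseif ($action === 'reject') {
        $new_status = 'Rejected';
    }

    if ($new_status && isset($conn)) {
        // "AND status = 'Pending'" makes the update a one-way transition:
        // an application that was already reviewed is left untouched.
        $sql_update = "UPDATE leave_applications SET status = ?, reviewed_by = ? WHERE id = ? AND status = 'Pending'";
        if ($stmt_update = $conn->prepare($sql_update)) {
            $stmt_update->bind_param("ssi", $new_status, $username, $app_id);
            // NOTE(review): the messages below are assigned just before the
            // redirect and exit, so they are never displayed; store them in
            // the session if the admin should see the outcome.
            if ($stmt_update->execute() && $stmt_update->affected_rows > 0) {
                $status_message = "
Application ID **{$app_id}** successfully marked as **{$new_status}**.
";
            } elseif ($stmt_update->affected_rows === 0) {
                $status_message = "
Application ID **{$app_id}** was not updated (might have already been reviewed).
";
            } else {
                $status_message = "
Database Error: Could not update status.
";
            }
            $stmt_update->close();
        }
    }

    // Redirect to the viewing page after action to prevent re-submission on refresh.
    // $app_id is an int cast above, so it is safe to place in the Location header.
    header("Location: admin_dashboard.php?page=leave_application&view_app_id={$app_id}");
    exit;
}

// --- FUNCTION: Builds the Leave Application HTML ---
/**
 * Build the printable leave-application letter as an HTML string.
 *
 * The applicant name, role, status and letter body are HTML-escaped here
 * because callers pass values read from the database or the request. The
 * recipient and company values are inserted as given; every caller in this
 * file passes the fixed letterhead constants for them.
 *
 * @param mixed  $app_id            Application id (not used in the output).
 * @param string $app_date          Date string understood by strtotime().
 * @param string $app_body          Letter body as typed by the applicant.
 * @param string $user_name         Applicant name for the signature block.
 * @param string $user_role         Applicant role for the signature block.
 * @param string $recipient_name    Fixed letterhead value.
 * @param string $recipient_title   Fixed letterhead value.
 * @param string $recipient_details Fixed letterhead value.
 * @param string $status            Review status shown at the bottom.
 * @return string The letter markup.
 */
function get_leave_application_html( $app_id, $app_date, $app_body, $user_name, $user_role, $recipient_name, $recipient_title, $recipient_details, $status = 'Pending' ) {
    global $company_name, $company_address_short, $company_email, $company_website;

    // Escape everything that originates from a user or a database row before
    // it is interpolated into markup.
    $escape_flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $safe_user_name = htmlspecialchars((string)$user_name, $escape_flags, 'UTF-8');
    $safe_user_role = htmlspecialchars((string)$user_role, $escape_flags, 'UTF-8');
    $safe_status = htmlspecialchars((string)$status, $escape_flags, 'UTF-8');
    // Escape first, then turn newlines into <br>, so the only markup in the
    // body is the line breaks added here.
    $safe_body = nl2br(htmlspecialchars((string)$app_body, $escape_flags, 'UTF-8'));
    // date() output in this format contains no markup characters.
    $formatted_date = date('F j, Y', strtotime($app_date));

    // NOTE: This HTML is optimized for clean printing/PDF generation.
    $html = "
Cyberlog

{$company_address_short} 📍

{$company_email}

{$company_website} 🌐

 

Date: {$formatted_date}

To,

{$recipient_name}

{$recipient_title}

{$recipient_details}

Subject: Request for Leave.

Dear Sir,

{$safe_body}

Sincerely,

{$safe_user_name}

{$safe_user_name}

{$safe_user_role},

{$company_name}

 

Application Status: {$safe_status}

";
    return $html;
}

// --- Logic to View a Specific Leave Application ---
$current_app_status = '';
$current_app_id = null;
if ($user_authenticated && isset($_GET['view_app_id']) && is_numeric($_GET['view_app_id'])) {
    $view_id = (int)$_GET['view_app_id'];
    $current_app_id = $view_id; // Store ID for admin buttons

    // Admin should be able to view ANY application, employees only their own.
    // The created_by filter is the access-control check for non-admins: it
    // stops one employee reading another's application by changing the id.
    $sql_where = $is_admin ? "id = ?" : "id = ? AND created_by = ?";
    $sql_main = "SELECT * FROM leave_applications WHERE {$sql_where}";

    if (isset($conn) && $stmt_main = $conn->prepare($sql_main)) {
        if ($is_admin) {
            $stmt_main->bind_param("i", $view_id);
        } else {
            $stmt_main->bind_param("ii", $view_id, $user_id);
        }
        $stmt_main->execute();
        $result_main = $stmt_main->get_result();
        // get_result() returns false when execution failed; treat that as
        // "no record" instead of calling a method on false.
        $app_record = $result_main ? $result_main->fetch_assoc() : null;
        $stmt_main->close();

        if ($app_record) {
            // Raw value kept for the template's button logic.
            $current_app_status = $app_record['status'];

            // When Admin views an app, use the original applicant's details for the signature block
            $applicant_username = $app_record['username'];
            $applicant_role = $app_record['role'];

            $generated_content = get_leave_application_html(
                $app_record['id'],
                $app_record['application_date'],
                $app_record['application_body'],
                $applicant_username,
                $applicant_role,
                $recipient_name,
                $recipient_title,
                $recipient_details,
                $current_app_status
            );

            // Values read back from the database are cast or escaped before
            // they go into the message markup.
            $shown_id = (int)$app_record['id'];
            $shown_status = htmlspecialchars((string)$current_app_status, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $shown_date = date('M j, Y', strtotime($app_record['application_date']));
            $status_message = "
Viewing Application ID: **{$shown_id}** (Status: {$shown_status}) from {$shown_date}
";
            // The sticky form fields are deliberately NOT overwritten with the
            // stored application when viewing history.
        } else {
            // Same message for "missing" and "not yours", so the response
            // does not reveal which ids exist.
            $status_message = "
Leave application not found or you are unauthorized to view it.
";
        }
    } else if ($user_authenticated) {
        $status_message = "
Database connection required to view records.
";
    }
}

// --- Logic to Handle Form Submission (Submit and Save as Pending) ---
// NOTE(review): no anti-CSRF token is checked in the code visible here;
// add one to the form and verify it before saving.
if ($user_authenticated && $_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit_application'])) {
    // 1. Prepare inputs.
    // The values are bound through a prepared statement below, so they must
    // NOT also pass through real_escape_string(): doing both stores the
    // escape backslashes in the row and shows them in the rendered letter.
    $application_date = is_string($posted_date) ? $posted_date : date('Y-m-d');
    $application_body = is_string($posted_body) ? $posted_body : '';

    if (empty($application_date) || empty($application_body)) {
        $status_message = "
Both the Date and the Application Body fields are required.
";
    } else {
        // --- Database Logic: Save to DB with 'Pending' status ---
        $initial_status = 'Pending';

        if (isset($conn)) {
            $sql_main = "INSERT INTO leave_applications (application_date, application_body, created_by, username, role, status) VALUES (?, ?, ?, ?, ?, ?)";

            if ($stmt_main = $conn->prepare($sql_main)) {
                // Type string follows the column order: date (s), body (s),
                // created_by (i), username (s), role (s), status (s). The
                // previous "sissss" bound the body as an integer and the
                // user id as a string, so the letter text was not stored.
                $stmt_main->bind_param("ssisss", $application_date, $application_body, $user_id, $username, $user_role, $initial_status);

                if ($stmt_main->execute()) {
                    $last_id = $stmt_main->insert_id;
                    $status_message = "
Leave Application ID **{$last_id}** submitted successfully and is now **Pending** review by the admin.
";
                    // Generate HTML Content for the Draft Viewer
                    $generated_content = get_leave_application_html(
                        $last_id,
                        $application_date,
                        $application_body,
                        $username,
                        $user_role,
                        $recipient_name,
                        $recipient_title,
                        $recipient_details,
                        $initial_status
                    );

                    // Clear fields after successful submission
                    $application_date = date('Y-m-d');
                    $application_body = '';
                } else {
                    // Driver error text can expose table and column names, so
                    // it goes to the server log and the user gets a generic message.
                    error_log('leave_applications insert failed: ' . $stmt_main->error);
                    $status_message = "
Database error: Could not save the leave application.
";
                }
                $stmt_main->close();
            } else {
                error_log('leave_applications insert prepare failed: ' . $conn->error);
                $status_message = "
Database preparation error: Could not save the leave application.
";
            }
        } else {
            // No database connection available (development/testing environment)
            $status_message = "
Leave Application submitted successfully (DB save skipped in demo mode). Status: **Pending**.
";
            // Generate HTML Content for the Draft Viewer
            $generated_content = get_leave_application_html(
                'DRAFT',
                $application_date,
                $application_body,
                $username,
                $user_role,
                $recipient_name,
                $recipient_title,
                $recipient_details,
                $initial_status
            );
        }
    }
}
?>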

New Leave Application (Logged in as: )

To,


Subject: Request for Leave.


Dear Sir,

Sincerely,

Cyberlog Ltd.

Cancel

Saved Leave Application History

prepare($sql_history); $stmt_history_ready = $stmt_history; } else { // Employee sees only their own $sql_history = "SELECT {$sql_history_fields} FROM leave_applications WHERE created_by = ? ORDER BY created_at DESC LIMIT 10"; $stmt_history = $conn->prepare($sql_history); if ($stmt_history) { $stmt_history->bind_param("i", $user_id); $stmt_history_ready = $stmt_history; } else { $stmt_history_ready = false; } } if ($stmt_history_ready) { $stmt_history_ready->execute(); $result_history = $stmt_history_ready->get_result(); while ($row = $result_history->fetch_assoc()) { $app_history[] = $row; } $stmt_history_ready->close(); } } if (empty($app_history)): ?>
No leave applications found for your account yet.
ID Application Date Applied By Status Submitted On Action
View